ISA 315 (Revised 2019)
Presented by:
Beverley Bahlmann
IAASB Deputy Director
SAICA
By Videoconference
September 10, 2021
Introduction
2
• ISA 315 (Revised 2019) approved June 2019
o Includes conforming amendments to other ISAs
o Including to ISA 540 (Revised)
• Project objectives:
o To establish a more appropriate risk assessment, including a focus on scalability
o To deal with rapidly changing business and audit environment (technology)
o To enhance the application of professional skepticism when performing risk
assessment procedures
o To clarify the nature and extent of the auditor’s understanding of internal control
o Development of non-authoritative guidance / tools to support implementation (as
appropriate)
ISA 315 (Revised) – Key Aspects
Page 3
• Iterative nature of standard
o ISAs are written in linear manner – many aspects of ED–315 interconnected and often
performed by auditors in an iterative manner
❑ Firms may have different approaches – for example, the order in which risks of
material misstatement, the significant classes of transactions, account balances or
disclosures, and relevant assertions are identified
• New introductory paragraphs provide summary of flow of standard, also
highlighting its iterative nature
• Flowcharts have been developed as guidance for the flow of the standard
Flowchart
4
Key Enhancements
Page 5
• Scalability
o Application material - for entities that are both ‘smaller and less complex’
o Removed specific ‘considerations specific to smaller entities’ – built into text as appropriate
• Automated tools and techniques (including data analytics)
o Application material provide examples of how automated tools and techniques are being used
o The broader term ‘automated tools and techniques’ used
• The auditor’s considerations relating to fraud
o Throughout the standard
o Inherent risk factors
• Professional skepticism
o Key new provisions to enhance the auditor’s exercise of professional skepticism
Key Enhancements
Page 6
Risk Assessment Procedures
• Performed to provide a basis for identifying and assessing risks of material misstatement
Understanding the Entity and its Environment
• Enhanced understanding, more focus on the entity’s
o Business model
o Use of IT
• Interaction of this understanding with inherent risk factors (new)
Understanding the Applicable Financial Reporting Framework
• Greater focus on importance of financial reporting in identifying risks of material
misstatement
Understanding the Entity’s System of Internal Control
Page 7
• Maintained the 5 components of internal control
– Enhanced as necessary to align with COSO
• Controls definition
– Recognizes ‘less formalized’ policies andprocedures (scalability)
Definitions
New Revised
Application controls Controls
General IT controls Access controls (glossary)
IT environment
Components of Internal
Control
1. Control environment
2. The entity’s risk
assessment process
3. The entity’s process to
monitor the system of
internal control
4. The information system
and communication
5. Control activities
Understanding the Entity’s System of Internal Control
Page 8
• More specificity about what ‘controls relevant to the audit’ means (identified controls)
o Clarifying when evaluating the design of controls and determining whetherimplemented (D&I) is required
• Clarified the work effort in relation to:
o Understanding each component of the system of internal control
o Understanding the information system, including information system controls relevant tofinancial reporting
❑ Application material provides guidance to distinguish ‘information system controls’ from‘identified controls’
o Application controls and general IT controls
• Enhanced responsibility to identify and determine further action if necessary relating todeficiencies in the system of internal control in relation to all the components
Understanding the Entity’s System of Internal Control ‘Indirect’ Controls
Identified controls (apply criteria specified)
‘Direct’ Controls
CE, RA, M IS
Risks @ Financial Statement level
Risks @ Assertion level
GITCs relevant to audit(apply criteria specified)
Perform D&I on controls identified
Primarily
Influence
Page 7
Identifying and Assessing Risks of Material Misstatement
Page 10
Definitions
New Revised
Inherent risk factors Assertions
Relevant assertion Significant risk
Significant classes of transactions,
account balances or disclosures
Inherent risk factors include:
1. Complexity
2. Subjectivity
3. Uncertainty
4. Change
5. Susceptibility to misstatement due to
management bias or fraud
Key change in assessing risk of material misstatement
Separate assessment of inherent risk and control risk
Concept of ‘spectrum of inherent risk’
The degree to which inherent risk varies, is referred to as the ‘spectrum of inherent risk’ – consider
likelihood and magnitude of material misstatement to determine where on the spectrum the risk lies
Overview of the Inherent Risk Assessment Process
Page 11
Identify Significant Classes of Transactions, Account Balances
and Disclosures; Relevant Assertions
Spectrum of Inherent Risk
Determine SignificantRisks
Understand the
Entity and Its
Environment
Understand the
Applicable FRF
Significant Risks
Page 12
Significant risks – Other ISAs
ISA 240 – para. 27
Presumption that there is a risk of fraud in
revenue recognition
ISA 550 – para.18
Identified significant related party transactions
outside the normal course of business
Identifying and Assessing Risks of Material Misstatement
Page 13
• NEW stand-back requirement – i.e., no relevant assertion(s) for a class oftransaction, account balance or disclosure (i.e. not a significant COTABD)
• Material classes of transactions, account balances or disclosures
o ISA 330 para. 18 maintained; linked to stand back on non-significant classes oftransactions, account balances or disclosures
o Conforming amendments to ISA 330 paragraph 18
• Application material explains interaction of relevant assertions and significant classes of transactions, account balances or disclosures and how they are used in identifying risks
What else is new or revised?
ISA 315 (Revised) – Other Matters
Page 14
• Documentation
o More specificity relating to identifiedcontrols
o Identified and assessed ROMM –including significant risks and therationale of related significantjudgments
o Although limited changes todocumentation requirements, IAASBof the view that enhancedrequirements will require morespecific documentation, as a resultof the requirements of ISA 230
ISA 230 paragraph 8: The auditor shall prepare audit documentation
that is sufficient to enable an experienced
auditor, having no previous connection with the
audit, to understand:
(a) The nature, timing and extent of the audit
procedures performed to comply with the
ISAs and applicable legal and regulatory
requirements;
(b) The results of the audit procedures
performed, and the audit evidence obtained;
(c) Significant matters arising during the audit,
the conclusions reached thereon, and
significant professional judgments made in
reaching those conclusions.
Appendices
Page 15
# Appendix
1 Considerations for Understanding the Entity and Its Business Model *
2 Understanding the Inherent Risk Factors *
3 Understanding the Entity’s System of Internal Control *
4 Considerations for Understanding Internal Audit * (New appendix)
5 Considerations for Understanding Information Technology * (New appendix)
6 Considerations for Understanding General IT Controls
www.iaasb.org
For copyright, trademark, and permissions information, please go to permissions or contact [email protected].
@International Auditing and
Assurance Standards Board@IAASB_News @International Auditing &
Assurance Standards Board
Top Related